<!DOCTYPE html>
<html lang=zh>
<head><meta name="generator" content="Hexo 3.9.0">
  <meta charset="utf-8">
  
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no, minimal-ui">
  <meta name="renderer" content="webkit">
  <meta http-equiv="Cache-Control" content="no-transform">
  <meta http-equiv="Cache-Control" content="no-siteapp">
  <meta name="apple-mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black">
  <meta name="format-detection" content="telephone=no,email=no,adress=no">
  <!-- Color theme for statusbar -->
  <meta name="theme-color" content="#000000">
  <!-- 强制页面在当前窗口以独立页面显示,防止别人在框架里调用页面 -->
  <meta http-equiv="window-target" content="_top">
  
  
  <title>篡改页面的Js代码，从而达到&#34;为所欲为&#34;的目的 | 山岚 - 90码农历险记</title>
  <meta name="description" content="声明本教程仅适用于技术交流学习，切勿用作违反国家法律法规等途径，否则应由操作人承担，本作者不承担任何责任。本教程仅做科普，如果你认为自己已经领会，还请勿喷，不要以“幸存者偏差”视角来看待任何事物。  缘由不少网站都是通过JavaScript来判断用户的输入数据，通常我们是自己构造一个Http的请求，来跳过这些JavaScript验证，但是这样需要你掌握Http请求中的各个参数的构造，所以比较繁琐。">
<meta name="keywords" content="JavaScript">
<meta property="og:type" content="article">
<meta property="og:title" content="篡改页面的Js代码，从而达到&quot;为所欲为&quot;的目的">
<meta property="og:url" content="https://blog.gobyte.cn/post/32b605b3.html">
<meta property="og:site_name" content="山岚博客">
<meta property="og:description" content="声明本教程仅适用于技术交流学习，切勿用作违反国家法律法规等途径，否则应由操作人承担，本作者不承担任何责任。本教程仅做科普，如果你认为自己已经领会，还请勿喷，不要以“幸存者偏差”视角来看待任何事物。  缘由不少网站都是通过JavaScript来判断用户的输入数据，通常我们是自己构造一个Http的请求，来跳过这些JavaScript验证，但是这样需要你掌握Http请求中的各个参数的构造，所以比较繁琐。">
<meta property="og:locale" content="zh-CN">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/03030fd45d79421ab8eaf2fced00b0e1">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/e8fad73a5d484f9ab47a97dcfeb4543e">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/f8633c8770924f91af807742ac179268">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/12a718265b52465d9434f17af0743786">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/d709df583bdc4192bd2a5af4283b2df0">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/a7c3cfa4241446b7b8da82640dbc4338">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/56fb0082f4f04c7ba3dc1e6beaa6a247">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/a7ac720ab3164b10994fd32044183b90">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/03a03ef74f814417bee7faac0313dbb6">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/be0b7511d5ff43ac9e3de6898e76f5f8">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/d6e579831d7944009f9220c40f290eb2">
<meta property="og:image" content="https://p2.pstatp.com/large/pgc-image/b0ea500d9d704a61a0096423c518bb54">
<meta property="og:updated_time" content="2019-12-10T08:14:59.825Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="篡改页面的Js代码，从而达到&quot;为所欲为&quot;的目的">
<meta name="twitter:description" content="声明本教程仅适用于技术交流学习，切勿用作违反国家法律法规等途径，否则应由操作人承担，本作者不承担任何责任。本教程仅做科普，如果你认为自己已经领会，还请勿喷，不要以“幸存者偏差”视角来看待任何事物。  缘由不少网站都是通过JavaScript来判断用户的输入数据，通常我们是自己构造一个Http的请求，来跳过这些JavaScript验证，但是这样需要你掌握Http请求中的各个参数的构造，所以比较繁琐。">
<meta name="twitter:image" content="https://p2.pstatp.com/large/pgc-image/03030fd45d79421ab8eaf2fced00b0e1">
  <!-- Canonical links -->
  <link rel="canonical" href="https://blog.gobyte.cn/post/32b605b3.html">
  
    <link rel="alternate" href="/atom.xml" title="山岚博客" type="application/atom+xml">
  
  
    <link rel="icon" href="/shan-2.png" type="image/x-icon">
  
  <link rel="stylesheet" href="/css/style.css">
  
  
  
  
</head>


<body class="main-center theme-black" itemscope itemtype="http://schema.org/WebPage">

  

  
  

<main class="main" role="main">
  <div class="content">
  <article id="post-篡改页面的Js代码，从而达到为所欲为的目的" class="article article-type-post" itemscope itemtype="http://schema.org/BlogPosting">
    
    <div class="article-header" name="标题头部">
      
        
  
    <h1 class="article-title" itemprop="name">
      篡改页面的Js代码，从而达到&#34;为所欲为&#34;的目的
    </h1>
  

      
      <div class="article-meta">
        <span class="article-date">
    <i class="icon icon-calendar-check"></i>
	<a href="/post/32b605b3.html" class="article-date">
	  <time datetime="2019-06-23T02:41:39.000Z" itemprop="datePublished">2019-06-23</time>
	</a>
</span>
        
  <span class="article-category">
    <i class="icon icon-folder"></i>
    <a class="article-category-link" href="/categories/骚操作/">骚操作</a>
  </span>

        
  <span class="article-tag">
    <i class="icon icon-tags"></i>
	<a class="article-tag-link" href="/tags/JavaScript/">JavaScript</a>
  </span>


        
        
      </div>
    </div>
    <div class="article-entry marked-body" itemprop="articleBody" name="正文">
      
        <h3 id="声明"><a href="#声明" class="headerlink" title="声明"></a>声明</h3><p>本教程仅适用于技术交流学习，切勿用于违反国家法律法规的用途，否则后果应由操作人承担，本作者不承担任何责任。本教程仅做科普，如果你认为自己已经领会，还请勿喷，不要以<strong>“幸存者偏差”</strong>视角来看待任何事物。</p>
<hr>
<h1 id="缘由"><a href="#缘由" class="headerlink" title="缘由"></a>缘由</h1><p>不少网站都是通过JavaScript来判断用户的输入数据，通常我们是自己构造一个Http的请求，来跳过这些JavaScript验证，但是这样需要你掌握Http请求中的各个参数的构造，所以比较繁琐。</p>
<h1 id="那么如何在不模拟Http请求的情况下跳过这些验证？"><a href="#那么如何在不模拟Http请求的情况下跳过这些验证？" class="headerlink" title="那么如何在不模拟Http请求的情况下跳过这些验证？"></a>那么如何在不模拟Http请求的情况下跳过这些验证？</h1><p>答案当然有！<br>使用浏览器的开发者工具对页面的JavaScript代码进行修改。我使用带有Chromium内核的浏览器，篡改JavaScript代码之前，应该先找到需要篡改的关键JavaScript代码。<br>我一般是通过监听对应的事件来找到对应的JavaScript代码。</p>
<h3 id="调试方法1"><a href="#调试方法1" class="headerlink" title="调试方法1"></a>调试方法1</h3><ol>
<li>例如我需要监听Click事件，那么按下F12打开“开发者工具”，切换到“Sources”选项页面，在右侧的菜单栏里找到“Event Listener Breakpoints”，依次点击“Mouse”分类 =&gt; “Click”，勾选，如下图：<br><img src="https://p2.pstatp.com/large/pgc-image/03030fd45d79421ab8eaf2fced00b0e1" alt="click事件监听"></li>
<li>点击页面的按钮，从而浏览器会自动跳转到JavaScript代码。接着在“Sources”页面内的右侧，会有一排调试按钮可供我们使用<img src="https://p2.pstatp.com/large/pgc-image/e8fad73a5d484f9ab47a97dcfeb4543e" alt="调试按钮"></li>
<li>上面这种调试方法我并不推荐，因为调试过程中的不相关代码太多，很难找到我们需要的关键代码。通常我是用下面一种方法。<h3 id="调试方法2"><a href="#调试方法2" class="headerlink" title="调试方法2"></a>调试方法2</h3><ol>
<li>以该页面为例，我需要篡改对身份证号的判断<img src="https://p2.pstatp.com/large/pgc-image/f8633c8770924f91af807742ac179268" alt="表单"></li>
<li>通过开发者工具，定位该输入框，查看它的“Element”页的详细信息：<img src="https://p2.pstatp.com/large/pgc-image/12a718265b52465d9434f17af0743786" alt="身份证号输入框"></li>
<li>可以看到该输入框有id，但是没有class，根据经验判断，本页面的JavaScript代码应该是通过id来获取该输入框内的Value，所以我们使用“开发者调试工具”的全局搜索功能，搜索这个id名“txtCard”，从而能快速定位到对应的JavaScript代码。</li>
<li>快捷键<code>Ctrl + Shift + F</code>，搜索结果如图：<img src="https://p2.pstatp.com/large/pgc-image/d709df583bdc4192bd2a5af4283b2df0" alt="搜索结果"></li>
<li>我们可以点击上面的搜索结果，从而能跳转到对应的JavaScript源码。例如上图有两个文件，分别为<code>Sign.js</code>和<code>yidong.html</code>。43行的这个结果肯定不匹配。27行的注释，也可以忽略。那么55行的这个trim方法很关键，用过JavaScript的朋友都知道这个方法是去除字符串的前后空格的，通常是用来取值。所以我们直接点击55行，效果如下图：<img src="https://p2.pstatp.com/large/pgc-image/a7c3cfa4241446b7b8da82640dbc4338" alt="55行结果"></li>
<li>可以根据上步骤得知，最终身份证号赋值给变量<code>CentNo</code>，继续搜索<code>CentNo</code>，结果如下图：<img src="https://p2.pstatp.com/large/pgc-image/56fb0082f4f04c7ba3dc1e6beaa6a247" alt="CentNo搜索结果"></li>
<li>在页面输入错误的身份证号，会有提示：“请输入正确的身份证号”。所以步骤6的搜索结果应该选择第81行的代码，如下图：<img src="https://p2.pstatp.com/large/pgc-image/a7ac720ab3164b10994fd32044183b90" alt="81行代码"></li>
<li>简单看了一下81行代码，它是一个if判断，判断内调用一个检查身份证号方法，从而来拦截页面<code>不合法</code>的操作。这里我们只需要将if内的取反符号<code>!</code>删除，即可跳过不合法身份证号的判断了，删除后记得按下快捷键<code>Ctrl + S</code>保存。页面的文件名前面将会出现一个感叹号ICO，如下图：<img src="https://p2.pstatp.com/large/pgc-image/03a03ef74f814417bee7faac0313dbb6" alt="感叹号"></li>
<li>最后，点击提交，测试一下篡改JavaScript代码是否生效~</li>
<li>我测试通过，如下图：<img src="https://p2.pstatp.com/large/pgc-image/be0b7511d5ff43ac9e3de6898e76f5f8" alt="执行if通过">代码已经执行100行结束了，准备执行下一个if，说明100行的if修改成功。另外还有一个判断成功的方法就是页面会发送http请求到服务器，所以<code>network</code>选项里会有数据包，如下图：<img src="https://p2.pstatp.com/large/pgc-image/d6e579831d7944009f9220c40f290eb2" alt="http请求"></li>
<li>最后，页面出现喜闻乐见的弹窗提醒<img src="https://p2.pstatp.com/large/pgc-image/b0ea500d9d704a61a0096423c518bb54" alt="成功"></li>
</ol>
</li>
</ol>
<hr>
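<h1 id="通过本文，作为后端程序员，一定不可相信前端数据的合法性，一定要再次进行校验，本文完。"><a href="#通过本文，作为后端程序员，一定不可相信前端数据的合法性，一定要再次进行校验，本文完。" class="headerlink" title="通过本文，作为后端程序员，一定不可相信前端数据的合法性，一定要再次进行校验，本文完。"></a><strong>通过本文，作为后端程序员，一定不可相信前端数据的合法性，一定要再次进行校验，本文完。</strong></h1>
<p>原因在于：前端的JavaScript运行在用户可以完全控制的浏览器里，页面上的任何校验逻辑都可能被修改或跳过，而这种改动只存在于用户本机，服务端无从察觉。因此前端校验只能用来改善用户体验，服务端必须对每一个提交的字段（例如本文中的身份证号）独立地重新做格式与合法性校验，并拒绝不合规的请求。</p>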
      
    </div>

    <div class="article-footer" name="文章脚部">
      <blockquote class="mt-2x">
  <ul class="post-copyright list-unstyled">
    
    <li class="post-copyright-link hidden-xs">
      <strong>本文链接：</strong>
      <a href="https://blog.gobyte.cn/post/32b605b3.html" title="篡改页面的Js代码，从而达到&#34;为所欲为&#34;的目的" target="_blank" rel="external">https://blog.gobyte.cn/post/32b605b3.html</a>
    </li>
    
    <li class="post-copyright-license">
      <strong>版权声明： </strong> 本博客所有文章除特别声明外，均采用 <a href="http://creativecommons.org/licenses/by/4.0/deed.zh" target="_blank" rel="external">CC BY 4.0 CN协议</a> 许可协议。转载请注明出处！
    </li>
  </ul>
</blockquote>




    </div>
  </article>
  
    


  
</div>

  



</main>


     







</body>
</html>